<?php
require_once dirname(dirname(dirname(__FILE__))).'/include/db_connect.php';
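/**
 * Strip a fixed list of SQL keywords and metacharacters from a value.
 *
 * This is a deny-list filter. It silently rewrites its input and does not make
 * an arbitrary string safe to concatenate into a statement, so it must not be
 * the only control: validate the expected type (for example digits only for an
 * id) or escape with the connection-aware function where the query is built.
 * The double quote is not in the list.
 *
 * @param string $str Raw value.
 * @return string The value with every listed token removed.
 */
function dowith_sql($str)
{
   // Same tokens in the same order as before; they are applied one after another.
   $tokens = array(
      "and", "execute", "update", "count", "chr", "mid", "master",
      "truncate", "char", "declare", "select", "create", "delete",
      "insert", "'", " ", "or", "=", "%20",
   );
   // Repeat until nothing changes: a single pass can leave a listed token
   // behind when deleting one occurrence joins the text on either side of it.
   // Matching ignores case because SQL keywords are case-insensitive.
   do {
      $before = $str;
      $str = str_ireplace($tokens, "", $str);
   } while ($str !== $before);
   return $str;
}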

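/**
 * Emit a minimal HTML page that shows a JavaScript alert and then navigates.
 *
 * Both arguments end up inside a <script> element, so they are encoded as
 * JavaScript string literals instead of being pasted between quotes. For plain
 * text the output is byte-identical to the previous version.
 *
 * NOTE(review): encoding does not restrict where $url points. Callers should
 * pass only fixed or same-site targets, never a value taken from the request.
 *
 * @param string $msg Text shown in the alert box.
 * @param string $url Location the browser is sent to afterwards.
 * @return void
 */
function alertInfo($msg,$url) {
	// JSON_HEX_* keeps <, >, &, ' and " out of the literal, so the value cannot
	// end the string or the surrounding script element.
	$flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
	$literals = array();
	foreach (array($msg, $url) as $raw) {
		$lit = json_encode((string)$raw, $flags);
		// json_encode fails on text that is not valid UTF-8; emit an empty
		// literal in that case rather than falling back to the raw bytes.
		if (!is_string($lit) || $lit === '' || $lit[0] !== '"') {
			$lit = '""';
		}
		$literals[] = $lit;
	}
	echo '<!DOCTYPE html><html><head><script>alert('.$literals[0].');
		window.location='.$literals[1].';</script></head><body></body></html>';
}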

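/**
 * Fetch every row of the `user` table ordered by id.
 *
 * The query selects all columns, but only the fields listed below are copied
 * into the result; anything else in the row is dropped here.
 *
 * @return array List of associative arrays, one per user.
 */
function getAllUser() {
	$conn = get_db_conn();
	$sql = "select * from user order by id asc;";
	$result = mysql_query($sql,$conn);
	if($result === false) {
		// Driver error text goes to the server log only; the response gets the
		// same generic message the other helpers in this file use.
		error_log('getAllUser: '.mysql_error($conn));
		die("db error");
	}
	// Output keys, in the order callers have always received them.
	$fields = array('username','student_id','user_real_name','grade',
		'department','user_role','is_user_on_duty','id',
		'sex','phone','available_time');
	$ret = array();
	while($row = mysql_fetch_array($result)) {
		$user = array();
		foreach($fields as $field) {
			$user[$field] = $row[$field];
		}
		$ret[] = $user;
	}
	mysql_close($conn);
	return $ret;
}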
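/**
 * Load one row of the `user` table by id.
 *
 * The id is placed unquoted in the statement, so keyword stripping and
 * addslashes() do not protect it. Only a plain run of decimal digits is
 * accepted; for such input the earlier filtering was a no-op, so valid calls
 * behave as before.
 * NOTE(review): assumes `id` is an unsigned integer column, confirm against the schema.
 *
 * @param int|string $id User id.
 * @return array|false|null The row with every column of the table, false when
 *                          no row matches, null when the id is malformed or
 *                          the query fails.
 */
function getUserById($id) {
	$id = trim((string)$id);
	if($id === '' || !ctype_digit($id)) {
		return null;
	}
	$conn = get_db_conn();
	$sql = "select * from user where id=".$id." limit 0,1;";
	$ret = mysql_query($sql,$conn);
	if($ret === false) {
		return null;
	}
	return mysql_fetch_array($ret);
}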
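/**
 * Delete one row of the `user` table by id.
 *
 * The id is placed unquoted in the statement, so it is accepted only when it is
 * a plain run of decimal digits; anything else is rejected before a query is
 * built. This function performs no permission check of its own.
 * NOTE(review): assumes `id` is an unsigned integer column, confirm against the schema.
 *
 * @param int|string $deleteId Id of the user to remove.
 * @return bool True when the statement ran, false when the id is malformed or
 *              the query fails.
 */
function deleteUser($deleteId) {
	$id = trim((string)$deleteId);
	if($id === '' || !ctype_digit($id)) {
		return false;
	}
	$conn = get_db_conn();
	$sql = "delete from user where id =".$id.";";
	return mysql_query($sql,$conn) ? true : false;
}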
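/**
 * Insert a row into the `user` table.
 *
 * Keys of $params are column names and are checked against a strict identifier
 * pattern. Values are spliced into the statement verbatim.
 * NOTE(review): each value must therefore already be a complete, correctly
 * escaped SQL literal; confirm every caller quotes and escapes what it passes.
 *
 * On failure the driver error is written to the server log. The statement and
 * the error are no longer echoed into the response.
 *
 * @param array $params Map of column name => SQL literal.
 * @return bool True on success, false on bad input or query failure.
 */
function addUser($params) {
	// An empty map would otherwise produce an insert of an all-default row.
	if(!is_array($params) || count($params) === 0) {
		return false;
	}
	$cols = array();
	$vals = array();
	foreach ($params as $key => $item) {
		// Column names cannot be escaped as values, so allow identifiers only.
		if(!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/D', (string)$key)) {
			return false;
		}
		$cols[] = $key;
		$vals[] = $item;
	}
	$sql = "insert into user(".implode(",", $cols).") values (".implode(",", $vals).");";
	$conn = get_db_conn();
	if(mysql_query($sql,$conn)) {
		return true;
	}
	// The statement itself is not logged because it may carry user data.
	error_log('addUser: '.mysql_error($conn));
	return false;
}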
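/**
 * Update columns of one row of the `user` table.
 *
 * The id is used unquoted and must be a plain run of decimal digits. Keys of
 * $params are column names and are checked against a strict identifier
 * pattern. Values are spliced into the statement verbatim.
 * NOTE(review): each value must already be a complete, correctly escaped SQL
 * literal; confirm every caller quotes and escapes what it passes.
 *
 * @param array      $params Map of column name => SQL literal.
 * @param int|string $id     Id of the row to change.
 * @return bool True when the statement ran, false on bad input or query failure.
 */
function updateUser($params,$id) {
	$id = trim((string)$id);
	if($id === '' || !ctype_digit($id)) {
		return false;
	}
	// With nothing to set the statement would be a syntax error anyway.
	if(!is_array($params) || count($params) === 0) {
		return false;
	}
	$assignments = array();
	foreach ($params as $key => $item) {
		// Column names cannot be escaped as values, so allow identifiers only.
		if(!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/D', (string)$key)) {
			return false;
		}
		$assignments[] = $key." = ".$item;
	}
	$sql = "update user set ".implode(",", $assignments)." where id = ".$id.";";
	$conn = get_db_conn();
	return mysql_query($sql,$conn) ? true : false;
}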

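/**
 * Report whether a user with the given username exists.
 *
 * The username is escaped with the connection-aware function before it is
 * placed inside the quoted literal.
 * NOTE(review): escaping follows the connection character set only if that was
 * set through the driver in get_db_conn(); confirm.
 *
 * @param string $username Name to look up.
 * @return bool True when at least one row has this username.
 */
function isUsernameExist($username) {
	$conn = get_db_conn();
	// Escaping needs the open link, so the connection is obtained first.
	$safe_name = mysql_real_escape_string((string)$username, $conn);
	$sql = 'select count(*) as cnt from user where username="'.$safe_name.'";';
	$result = mysql_query($sql,$conn) or die("db error");
	$ret = mysql_fetch_array($result);
	return $ret['cnt'] > 0;
}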

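/**
 * Add today's duty amounts to each on-duty user's stored work_time.
 *
 * Reads the current duty table and duty user list, totals the per-slot amounts
 * for today's weekday by user id, then adds each total to that user's
 * work_time JSON under [year][month] and writes it back.
 *
 * The JSON text is escaped before it is placed in the statement: unescaped, a
 * quote would end the literal and the server would consume the backslashes
 * that json_encode emits, corrupting the stored value. The id is cast to an
 * integer because it is used unquoted.
 *
 * @return bool Always true; a failed query terminates the script.
 */
function updateAllUserWorkTime() {
	$cur_table = getCurDutyTable();
	$user_list = getCurDutyUser();
	$conn = get_db_conn();
	$cur_year = date('Y');
	$cur_month = date('m');
	// date('w') numbers Sunday as 0; the duty table is indexed with 7 instead.
	$cur_weekday = date('w');
	if($cur_weekday==0)$cur_weekday=7;
	// Amount credited for each slot 'a'..'f' (presumably hours, confirm).
	$add_arr = array('a'=>2.5,'b'=>2.5,'c'=>2.0,'d'=>1.5,'e'=>2.5,'f'=>4.0);
	$tmp_work_time = array();
	foreach(range('a', 'f') as $item) {
		$on_duty = $cur_table[$cur_weekday][$item];
		if($on_duty=='')continue;
		if(!isset($tmp_work_time[$on_duty])) {
			$tmp_work_time[$on_duty]=0;
		}
		$tmp_work_time[$on_duty]+=$add_arr[$item];
	}
	foreach ($user_list as $id => $name) {
		if(!isset($tmp_work_time[$id])) continue;
		$user = getUserById($id);
		$cur_work_time = json_decode($user['work_time'],true);
		// Missing, empty or non-object JSON starts from an empty record.
		if(!is_array($cur_work_time)) {
			$cur_work_time = array();
		}
		if(!isset($cur_work_time[$cur_year][$cur_month])) {
			$cur_work_time[$cur_year][$cur_month]=0;
		}
		$cur_work_time[$cur_year][$cur_month]+=$tmp_work_time[$id];
		$json = mysql_real_escape_string(json_encode($cur_work_time), $conn);
		$sql = 'update user set work_time = \''.$json.'\' where id = '.(int)$id.';';
		mysql_query($sql,$conn) or die("db error");
	}
	return true;
}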

/**
 * Return every user's work_time value for one year and month as JSON.
 *
 * Each element of the encoded list has the keys 'id' and 'wt'; 'wt' is 0 when
 * the stored work_time has no entry for the requested year and month.
 *
 * @param int|string $year  Key of the year in the stored work_time.
 * @param int|string $month Key of the month in the stored work_time.
 * @return string JSON-encoded list ordered by user id.
 */
function getUserWorkTime($year,$month) {
	$link = get_db_conn();
	$query = 'select id,work_time from user order by id;';
	$rows = mysql_query($query,$link) or die("db error");
	$out = array();
	while($rec = mysql_fetch_array($rows)) {
		$decoded = json_decode($rec['work_time'],true);
		// Fall back to 0 when nothing is recorded for that period.
		$amount = isset($decoded[$year][$month]) ? $decoded[$year][$month] : 0;
		$out[] = array('id'=>$rec['id'],'wt'=>$amount);
	}
	return json_encode($out);
}